package se.swedenconnect.opensaml.xmlsec.config;

import java.util.ArrayList;
import java.util.Arrays;
import javax.annotation.Nonnull;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleKeyInfoReferenceEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager;
import se.swedenconnect.opensaml.xmlsec.BasicExtendedEncryptionConfiguration;
import se.swedenconnect.opensaml.xmlsec.encryption.support.ConcatKDFParameters;
import se.swedenconnect.opensaml.xmlsec.encryption.support.EcEncryptionConstants;
import se.swedenconnect.opensaml.xmlsec.keyinfo.KeyAgreementKeyInfoGeneratorFactory;

/* loaded from: input_file:se/swedenconnect/opensaml/xmlsec/config/ExtendedDefaultSecurityConfigurationBootstrap.class */
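/**
 * Bootstrap helpers that extend the stock OpenSAML security defaults with ECDH-ES key agreement
 * (ConcatKDF) for encryption and with the RSA-MGF1 (RSASSA-PSS) signature algorithm URIs.
 *
 * <p>Several factory methods here return, or modify, the object they are given instead of a copy.
 * Callers that share a configuration object across components should read the per-method notes
 * before passing it in.
 */
public class ExtendedDefaultSecurityConfigurationBootstrap extends DefaultSecurityConfigurationBootstrap {

    /**
     * Signature algorithm URIs appended to a signing configuration when they are missing. The order
     * is the order in which they are appended.
     */
    private static final String[] RSA_MGF1_SIGNATURE_ALGORITHMS = {
        "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1",
        "http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1"
    };

    /** Not meant to be instantiated by callers; every member is static. */
    protected ExtendedDefaultSecurityConfigurationBootstrap() {
    }

    /**
     * Builds the extended encryption configuration on top of the stock OpenSAML defaults.
     *
     * @return a new extended encryption configuration
     */
    @Nonnull
    public static BasicExtendedEncryptionConfiguration buildDefaultEncryptionConfiguration() {
        return buildDefaultEncryptionConfiguration(DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration());
    }

    /**
     * Converts an encryption configuration into its extended form.
     *
     * <p>An argument that already is a {@link BasicExtendedEncryptionConfiguration} is returned
     * unchanged: it is neither copied nor given the key agreement defaults set below. A
     * {@code null} argument is replaced by the stock OpenSAML default configuration.
     *
     * <p>For any other argument a new object is created. It gets ECDH-ES as agreement method,
     * ConcatKDF as key derivation with the xmlenc SHA-256 digest URI, and a copy of the argument's
     * blacklist/whitelist, data encryption, key transport and RSA-OAEP settings.
     *
     * @param encryptionConfiguration the configuration to extend, may be {@code null}
     * @return the argument itself if it is already extended, otherwise a new configuration
     */
    public static BasicExtendedEncryptionConfiguration buildDefaultEncryptionConfiguration(EncryptionConfiguration encryptionConfiguration) {
        // instanceof is false for null, so the null fallback below is still reached.
        if (encryptionConfiguration instanceof BasicExtendedEncryptionConfiguration) {
            return (BasicExtendedEncryptionConfiguration) encryptionConfiguration;
        }
        if (encryptionConfiguration == null) {
            encryptionConfiguration = DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration();
        }
        BasicExtendedEncryptionConfiguration extended = new BasicExtendedEncryptionConfiguration();

        // Key agreement additions that the stock configuration does not carry.
        extended.setAgreementMethodAlgorithms(Arrays.asList(EcEncryptionConstants.ALGO_ID_KEYAGREEMENT_ECDH_ES));
        extended.setKeyDerivationAlgorithms(Arrays.asList(EcEncryptionConstants.ALGO_ID_KEYDERIVATION_CONCAT));
        extended.setConcatKDFParameters(new ConcatKDFParameters("http://www.w3.org/2001/04/xmlenc#sha256"));

        // Algorithm policy is carried over as-is, so restrictions set on the source still apply.
        extended.setBlacklistedAlgorithms(encryptionConfiguration.getBlacklistedAlgorithms());
        extended.setBlacklistMerge(encryptionConfiguration.isBlacklistMerge());
        extended.setWhitelistBlacklistPrecedence(encryptionConfiguration.getWhitelistBlacklistPrecedence());
        extended.setWhitelistedAlgorithms(encryptionConfiguration.getWhitelistedAlgorithms());
        extended.setWhitelistMerge(encryptionConfiguration.isWhitelistMerge());

        extended.setDataEncryptionAlgorithms(encryptionConfiguration.getDataEncryptionAlgorithms());
        extended.setDataEncryptionCredentials(encryptionConfiguration.getDataEncryptionCredentials());
        // NOTE(review): both KeyInfo generator managers are taken from the source unchanged; this
        // method does not register the key agreement factory on them. Confirm callers do so.
        extended.setDataKeyInfoGeneratorManager(encryptionConfiguration.getDataKeyInfoGeneratorManager());
        extended.setKeyTransportAlgorithmPredicate(encryptionConfiguration.getKeyTransportAlgorithmPredicate());
        extended.setKeyTransportEncryptionCredentials(encryptionConfiguration.getKeyTransportEncryptionCredentials());
        extended.setRSAOAEPParameters(encryptionConfiguration.getRSAOAEPParameters());
        extended.setRSAOAEPParametersMerge(encryptionConfiguration.isRSAOAEPParametersMerge());
        extended.setKeyTransportKeyInfoGeneratorManager(encryptionConfiguration.getKeyTransportKeyInfoGeneratorManager());

        // Only a source that still has the untouched stock key transport list gets this list; a
        // list the caller customised is kept as given.
        if (encryptionConfiguration.getKeyTransportEncryptionAlgorithms().equals(DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration().getKeyTransportEncryptionAlgorithms())) {
            // NOTE(review): the list ends with Triple DES key wrap (kw-tripledes), a legacy
            // algorithm. Deployments that do not need it for interoperability can exclude it
            // through the blacklist or by supplying their own key transport list.
            extended.setKeyTransportEncryptionAlgorithms(Arrays.asList("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2001/04/xmlenc#kw-aes256", "http://www.w3.org/2001/04/xmlenc#kw-aes192", "http://www.w3.org/2001/04/xmlenc#kw-aes128", "http://www.w3.org/2001/04/xmlenc#kw-tripledes"));
        } else {
            extended.setKeyTransportEncryptionAlgorithms(encryptionConfiguration.getKeyTransportEncryptionAlgorithms());
        }
        return extended;
    }

    /**
     * Builds the stock OpenSAML signing configuration with the RSA-MGF1 algorithm URIs appended.
     *
     * @return the signing configuration
     */
    public static BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration() {
        return buildDefaultSignatureSigningConfiguration(null);
    }

    /**
     * Ensures that a signing configuration lists the RSA-MGF1 signature algorithm URIs.
     *
     * <p>A {@code null} argument is replaced by the stock OpenSAML default. An argument that is a
     * {@link BasicSignatureSigningConfiguration} is <b>modified in place</b> and returned, so the
     * caller's object (and anything else holding it) sees the extended algorithm list. Any other
     * implementation is copied into a new object first.
     *
     * <p>URIs already present keep their position; missing ones are appended at the end, after the
     * algorithms that were configured before.
     *
     * @param signatureSigningConfiguration the configuration to extend, may be {@code null}
     * @return the extended configuration (the argument itself when it is a basic configuration)
     */
    public static BasicSignatureSigningConfiguration buildDefaultSignatureSigningConfiguration(SignatureSigningConfiguration signatureSigningConfiguration) {
        BasicSignatureSigningConfiguration signing;
        if (signatureSigningConfiguration == null) {
            signing = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
        } else if (signatureSigningConfiguration instanceof BasicSignatureSigningConfiguration) {
            // Same object as the argument: the setSignatureAlgorithms call below changes it.
            signing = (BasicSignatureSigningConfiguration) signatureSigningConfiguration;
        } else {
            signing = new BasicSignatureSigningConfiguration();
            signing.setBlacklistedAlgorithms(signatureSigningConfiguration.getBlacklistedAlgorithms());
            signing.setBlacklistMerge(signatureSigningConfiguration.isBlacklistMerge());
            signing.setWhitelistedAlgorithms(signatureSigningConfiguration.getWhitelistedAlgorithms());
            signing.setWhitelistMerge(signatureSigningConfiguration.isWhitelistMerge());
            signing.setWhitelistBlacklistPrecedence(signatureSigningConfiguration.getWhitelistBlacklistPrecedence());
            signing.setKeyInfoGeneratorManager(signatureSigningConfiguration.getKeyInfoGeneratorManager());
            signing.setSignatureCanonicalizationAlgorithm(signatureSigningConfiguration.getSignatureCanonicalizationAlgorithm());
            signing.setSignatureHMACOutputLength(signatureSigningConfiguration.getSignatureHMACOutputLength());
            signing.setSignatureReferenceCanonicalizationAlgorithm(signatureSigningConfiguration.getSignatureReferenceCanonicalizationAlgorithm());
            signing.setSignatureReferenceDigestMethods(signatureSigningConfiguration.getSignatureReferenceDigestMethods());
            signing.setSigningCredentials(signatureSigningConfiguration.getSigningCredentials());
            signing.setSignatureAlgorithms(signatureSigningConfiguration.getSignatureAlgorithms());
        }

        // Work on a copy of the current list so the configured order is kept and only the missing
        // URIs are appended.
        // NOTE(review): the appended set includes the SHA-224 and SHA3-224 variants; a deployment
        // with a minimum digest strength policy should exclude those through its blacklist.
        ArrayList<String> algorithms = new ArrayList<>(signing.getSignatureAlgorithms());
        for (String algorithm : RSA_MGF1_SIGNATURE_ALGORITHMS) {
            if (!algorithms.contains(algorithm)) {
                algorithms.add(algorithm);
            }
        }
        signing.setSignatureAlgorithms(algorithms);
        return signing;
    }

    /**
     * Builds the chain of encrypted key resolvers used when decrypting.
     *
     * <p>The chain holds, in this order: inline, encrypted-element-type, retrieval-method and
     * KeyInfo-reference resolvers.
     * NOTE(review): the last two follow references found in the received message; confirm against
     * the OpenSAML version in use that they only resolve same-document references.
     *
     * @return a chaining resolver over the four resolvers
     */
    protected static EncryptedKeyResolver buildBasicEncryptedKeyResolver() {
        ArrayList<EncryptedKeyResolver> resolvers = new ArrayList<>();
        resolvers.add(new InlineEncryptedKeyResolver());
        resolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
        resolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());
        resolvers.add(new SimpleKeyInfoReferenceEncryptedKeyResolver());
        return new ChainingEncryptedKeyResolver(resolvers);
    }

    /**
     * Builds the stock KeyInfo generator manager with the key agreement factory registered.
     *
     * @return the manager
     */
    public static NamedKeyInfoGeneratorManager buildBasicKeyInfoGeneratorManager() {
        return buildBasicKeyInfoGeneratorManager(DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager());
    }

    /**
     * Registers the key agreement KeyInfo generator factory on the default manager of the given
     * named manager.
     *
     * <p>The argument is modified in place and returned; no copy is made. A {@code null} argument
     * is not handled and results in a {@link NullPointerException}.
     *
     * @param namedKeyInfoGeneratorManager the manager to update, must not be {@code null}
     * @return the same manager instance
     */
    public static NamedKeyInfoGeneratorManager buildBasicKeyInfoGeneratorManager(NamedKeyInfoGeneratorManager namedKeyInfoGeneratorManager) {
        namedKeyInfoGeneratorManager.getDefaultManager().registerFactory(buildDefaultKeyAgreementKeyInfoGeneratorFactory());
        return namedKeyInfoGeneratorManager;
    }

    /**
     * Builds the KeyInfo generator factory used for key agreement.
     *
     * <p>The factory is set to emit the entity certificate and the originator public key value, so
     * both appear in the generated KeyInfo.
     *
     * @return a new factory
     */
    public static KeyAgreementKeyInfoGeneratorFactory buildDefaultKeyAgreementKeyInfoGeneratorFactory() {
        KeyAgreementKeyInfoGeneratorFactory factory = new KeyAgreementKeyInfoGeneratorFactory();
        factory.setEmitEntityCertificate(true);
        factory.setEmitOriginatorKeyInfoPublicKeyValue(true);
        return factory;
    }
}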
